The Hacking Project: A Boring Update: CTFs and ISO27001

November 6, 2020

Main focus for this week has been CTFs on Hacker101 but I have also spent a few hours looking into security in a broader perspective. Most of that focus has been on ISO27001.

CTF progress has been both up and down. One of the things I’ve been focusing on, aside from just doing the CTFs, is to not let my progress affect my mood at the end of the day as happened last week. Probably impossible to completely succeed with, but my feeling is that as long as I’m aware of myself, I can at least to some degree decide if I’m happy or not.

The CTFs on Hacker101 are graded into easy, moderate and hard. Although I only do one at a time, it is possible to work on as many CTFs at a time as one wants.
I’m able to find most flags on the easy difficulty. However, the last flag usually eludes me. I’m okay with this as I don’t think skill or knowledge is the problem; rather, since there are so many other flags on the website, it gets a bit confusing after a while. I consider it to be okay to proceed to another level when I have got all flags except one, then return a week or so later with a fresh mind.
It should be mentioned that there is a hint-system available but I absolutely do not use this! Again, it is better to leave the problem and come back later.
The ‘moderate’ difficulty level is just around the corner and I will start working on it in the coming weeks.

To say something about ISO27001 it is, in one sentence, a standard for how to effectively implement and maintain security in organizations. It is quite heavy and I have only scratched the surface. I have a plan to take a full week and dig into the standard.

Upon closing this update my reflection is that it is the most boring one I have written so far and I want to change the way I write these updates.
Right now I’m mixing “what I have done” with “how things work” in a way which does justice to neither. For example: this week I have written some information about how CTFs work, but it’s not complete and it is mixed with my other activities this week. It’s basically spaghetti.

A better way might be:

I might be able to do something like this when I dig into ISO27001. We’ll see.